Control(s)

Category

Disassociated Processing (CT.DP-P): Data processing solutions increase disassociability consistent with the organization’s risk strategy to protect individuals’ privacy and enable implementation of privacy principles (e.g., data minimization).

Subcategory

• CT.DP-P1: Data are processed to limit observability and linkability (e.g., data actions take place on local devices, privacy-preserving cryptography).
• CT.DP-P2: Data are processed to limit the identification of individuals (e.g., de-identification privacy techniques, tokenization).
• CT.DP-P3: Data are processed to limit the formulation of inferences about individuals’ behavior or activities (e.g., data processing is decentralized, distributed architectures).
• CT.DP-P4: System or device configurations permit selective collection or disclosure of data elements.
• CT.DP-P5: Attribute references are substituted for attribute values.

Function

• CONTROL-P (CT-P)

What is the NIST Privacy Framework

The NIST Privacy Framework is a voluntary  tool for improving privacy through Enterprise Risk Management, to enable better privacy engineering practices that support privacy by design concepts and
help organizations protect individuals’ privacy. The Privacy Framework can support organizations in:

• Building customers’ trust by supporting ethical decision-making in product and service design or
  deployment that optimizes beneficial uses of data while minimizing adverse consequences for
  individuals’ privacy and society as a whole;1
• Fulfilling current compliance obligations, as well as future-proofing products and services to
  meet these obligations in a changing technological and policy environment; and
• Facilitating communication about privacy practices with individuals, business partners,
  assessors, and regulators.

Source: https://www.nist.gov/privacy-framework/privacy-framework

Note: NIST and related copyright and trademarks belong to their respective owner(s). This guide is for educational purposes only.